This listing of claims will replace all prior versions, and listings, of claims in the application.
Listing of Claims: 

1. (Currently Amended) A method employed on a server computer for switching
from a first encryption algorithm to a second encryption algorithm, comprising: 

receiving an encryption algorithm negotiation request from a client computer, 
wherein the encryption algorithm negotiation request specifies an encryption algorithm for 
subsequent communications between the client computer and the server computer; and 

sending a subsession key to the client computer, wherein the subsession key may 
be used by the client computer to switch from [[a]] an established first encryption to a second 
encryption algorithm for use in conjunction with the selected encryption algorithm to encrypt
future communications to the server computer. 

2. (Currently Amended) A method according to claim 1, wherein the receiving and
sending are performed as part of an additional authentication protocol. 

3. (Original) A method according to claim 2, wherein the authentication 
protocol is a Generic Security Services Application Programming Interface ("GSSAPI") 
implementation of a Kerberos authentication protocol. 

4. (Original) A method according to claim 3, wherein the encryption algorithm 
negotiation request is a context negotiation flag in a checksum that is received by the server 
computer with an Authentication Protocol Request ("AP-REQ"). 

5. (Original) A method according to claim 4, wherein the AP-REQ is encrypted 
using one of the Ron's Code 4 ("RC4") encryption algorithm, the Data Encryption Standard 
("DES") encryption algorithm, and the Triple Data Encryption Standard ("3DES") encryption 
algorithm. 

6. (Original) A method according to claim 5, wherein the encryption algorithm
negotiation request specifies the Advanced Encryption Standard ("AES") encryption algorithm 
for subsequent communications between the client computer and the server computer. 

7. (Original) A method according to claim 1, further comprising determining the
encryption algorithm for subsequent communications between the client computer and the server
computer by deriving an encryption algorithm from a key sent with said encryption algorithm 
negotiation request. 

8. (Currently Amended) A computer readable storage medium containing 
instructions for a process of negotiating an encryption algorithm between two or more 
computers, said process comprising: 

sending an encryption algorithm negotiation request to a server computer 
indicating that a client computer in current communication with the server supports a specified 
encryption algorithm; and

anticipating a subsession key from the server computer for use with the specified 
encryption algorithm; and 

switching to the specified encryption algorithm if the subsession key for use with 
the specified encryption algorithm is delivered. 

9. (Currently Amended) The computer readable storage medium containing 
instructions for a process of claim 8, wherein said a process further comprises authenticating the 
server computer. 

10. (Currently Amended) The computer readable storage medium containing 
instructions for a process of claim 9, wherein the authentication protocol is a Generic Security 
Services Application Programming Interface ("GSSAPI") implementation of a Kerberos 
authentication protocol. 

11. (Currently Amended) The computer readable storage medium containing
instructions for a process of claim 10, wherein the encryption algorithm negotiation request is a 
context negotiation flag in a checksum that is received by the server computer with an 
Authentication Protocol Request ("AP-REQ"). 

12. (Currently Amended) The computer readable storage medium containing
instructions for a process of claim 11, wherein the AP-REQ is encrypted using one of the Ron's 
Code 4 ("RC4") encryption algorithm, the Data Encryption Standard ("DES") encryption 
algorithm, and the Triple Data Encryption Standard ("3DES") encryption algorithm. 

13. (Currently Amended) The computer readable storage medium containing 
instructions for a process of claim 12, wherein the encryption algorithm negotiation request 
specifies the Advanced Encryption Standard ("AES") encryption algorithm for subsequent 
communications between the client computer and the server computer. 

14. (Canceled) 

15. (Currently Amended) A method for automatically renegotiating an encryption 
algorithm when a first computer requests access to a second computer, comprising: 

receiving at the first computer a function call made by an application to an 
Application Programming Interface ("API"); and

initiating in the first computer an authentication protocol process to authenticate 
the first computer to the second computer; and 

including an automatic renegotiation request for an encryption algorithm with an 
authentication protocol process communication from the first computer to the second computer,
wherein the renegotiation request specifies that the first computer supports one or more 
encryption algorithms. 

16. (Original) The method of claim 15, wherein the negotiation request is a key,
and wherein a supported encryption algorithm may be derived from the key. 

17. (Original) The method of claim 15, further comprising anticipating a
subsession key from the second computer for use with one or more of said one or more 
encryption algorithms. 

18. (Original) The method of claim 17, further comprising switching by the first 
computer to one of said one or more encryption algorithms upon receiving said subsession key, 
wherein switching by the first computer is for the purpose of subsequent communications with 
the second computer. 

19-20. (Canceled) 

21. (Original) The method of claim 17, wherein the authentication protocol
process to authenticate the first computer to the second computer is a Kerberos authentication 
protocol process. 

22. (Original) The method of claim 17, wherein the negotiation request specifies 
that the first computer supports the AES encryption algorithm. 

23. (Original) The method of claim 17, wherein the negotiation request is in the
form of a context negotiation flag in a checksum generated by a function call to the General
Security Services Application Programming Interface ("GSSAPI"). 

24. (Currently Amended) A means embodied in a computer readable storage medium 
for negotiating an encryption algorithm between two or more computers involved in an 
authentication protocol, comprising: 

means for reading a negotiation request from a first computer, wherein said
negotiation request is a negotiation request subsequent to transmission of a subsession key by the 
first computer and specifies one or more encryption algorithms supported by the first computer, 
and wherein the negotiation request is included with an authentication protocol communication 
from the first computer; and 

means for switching to one or more of said one or more encryption algorithms for 
the purpose of subsequent communications with said first computer. 

25. (Currently Amended) A means embodied in a computer readable storage medium 
for negotiating an encryption algorithm according to claim 24, further comprising means for 
calculating and delivering a subsession key to the first computer for use with said one or more 
encryption algorithms.

26. (Currently Amended) A means embodied in a computer readable storage medium 
for negotiating an encryption algorithm according to claim 25, wherein the negotiation request 
specifies the Advanced Encryption Standard ("AES") encryption algorithm for subsequent 
communications between the client computer and the server computer.

27. (Currently Amended) A means embodied in a computer readable storage medium
for negotiating an encryption algorithm according to claim 24, wherein the authentication 
protocol is a Generic Security Services Application Programming Interface ("GSSAPI")
implementation of a Kerberos authentication protocol. 

28. (Currently Amended) A means embodied in a computer readable storage medium 
for negotiating an encryption algorithm according to claim 27, wherein the encryption algorithm 
negotiation request is a context negotiation flag in a checksum that is received by the server 
computer with an Authentication Protocol Request ("AP-REQ"). 
